Joe Biden's website defaced by Turkish Hackers, Mitsubishi Electric hit by new cyberattack, and more

Originally published at:

Round Up of Major Breaches and Scams

Experts warn of mass-scanning for ENV files left unsecured online

Threat actors are scanning the internet for API tokens, passwords, and database logins that are usually stored in ENV files (environment files) accidentally left exposed online. Environment files are configuration files that usually contain user environment variables for multiple frameworks and development tools such as Docker, Node.js, Django, and Symfony.

Joe Biden’s ‘Vote Joe’ website defaced by Turkish Hackers

This week, the Vote Joe site set up by the Biden-Harris Presidential campaign was hacked and defaced by a Turkish hacker called RootAyyildiz. Based on the evidence and the archived snapshots of the site, it appears the breach and defacement lasted for over 24 hours.

Good Heavens! 10M Impacted in Data Exposure

The Christian faith app has leaked private data for up to 10 million people, according to researchers. The app offers “daily prayer and Bible stories to inspire, educate and help you sleep” on a subscription basis. Subscriptions run anywhere from $50 to $120.

Mitsubishi Electric Corp. was hit by a new cyberattack

Mitsubishi Electric Corp. was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. “Company officials on Nov. 20 said they were checking the 8,653 accounts of those it has business transactions with to determine if information related to bank accounts of the other parties as well as other information leaked,” reads a post published on the Asahi Shimbun website.

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters.

Round Up of Major Malware and Ransomware Incidents

Derby’s Griffin Hospital website taken down in major ransomware incident

In mid-November 2020, the hospital’s website was taken offline after a ransomware attack against the website’s administrator. “Derby’s Griffin Hospital is the indirect victim of a ransomware attack, with its website going offline this week but patient information not exposed,” officials said.

LightBot: TrickBot’s new reconnaissance malware for high-value targets

The notorious TrickBot gang has released a new lightweight reconnaissance tool used to scope out an infected victim’s network for high-value targets. Over the past week, security researchers began to see a phishing campaign normally used to distribute TrickBot’s BazarLoader malware switch to installing a new malicious PowerShell script. Like BazarLoader phishing campaigns, LightBot phishing emails pretend to be from human resources or the legal department about a customer complaint or the termination of the recipient’s employment.

Round Up of Major Vulnerabilities and Patches

Nearly $20 million stolen from the DeFi protocol Pickle Finance

Another liquidity mining project fell victim to a hack and lost about $20 million of users’ funds in DAI tokens. The attacker exploited a vulnerability in the Pickle Finance smart contract called DAI PickleJar using fake swaps. Notably, the hacker chose to avoid the flash loan scheme used in most similar recent incidents. Instead, they deployed a malicious jar and passed in fake swaps.